mFilterIt Blogs

APP Piracy – Threat to Privacy, Ad-Fraud and Brand Safety

85% of apps can be decompiled and modified to inject malicious code that triggers undesired behaviour in the app for ulterior motives.

Apps have become the default interface for users to interact digitally with people, services and platforms. Globally, there are an estimated 3 million apps available on Google Play Store. The common perception is that an app is a distinct digital asset of an organisation that cannot be infringed. Especially when it is on a platform like Google Play Store or Apple App Store, people take it to be genuine.

The fact of the matter is that an app too can be pirated. Techniques like decompiling an app and then modifying the package with malicious code make an app vulnerable. Essentially, there are three main threats that emanate from a pirated app.

Privacy Compromised: Whether the app is available over a play store or elsewhere, if a user inadvertently installs a pirated app believing it to be the genuine version, there is a higher probability of that app being able to access personal data including contacts, SMSs, pictures and other sensitive data stored on a smartphone.

Ad-Fraud: Compromised apps are the best medium for fraudsters to control a smartphone and use it as a publishing medium to fake traffic, users or events. With malicious code added to the app, digital ad-fraudsters generate impressions, install apps and even trigger clicks to fake the KPIs agreed with the advertiser whose campaigns are being run. At the same time, unscrupulous publishers steal the organic traffic of mobile apps and browsers, claiming credit for any activity a user performs in order to earn the attribution without doing any of the work. In this case, such a publisher reports the 'stolen' traffic as its own and claims the attribution to get paid for something it never did. This also demotivates the digital marketing team, as organic traffic earned after painstaking effort is tagged as inorganic.

Brand Safety: Another important ramification of a pirated app version is the damage it causes to the image and reputation of a brand. Since the app is compromised, its behaviour cannot be guaranteed to be in line with the tenets of the brand, its philosophy and its guidelines. This means a spectrum of issues. In its simplest forms, the brand could be seen, through this rogue app, as promoting theft of data, intruding on privacy, displaying obscene content, and several similar issues. Since this app is not under the control of the actual brand, it will not act as a responsible digital asset representing it.

Unfortunately, app piracy has not been getting its due mindshare from the ecosystem, including governments. There is a need for strict regulatory guidelines on app piracy, given the damage it can cause, ranging from compromising the privacy of an individual to hurting national interests. While it is important to have a national consensus around app piracy, brands cannot and should not wait for the government to intervene. Marketers, and in fact every organisation, institution and entity that has an app, must keep a vigil on the pirated versions of their apps available either over the play store or through non-play store platforms.

Android RAT tools such as FatRat, as well as other powerful tools such as Metasploit, help attackers get past Android's security layers by circumventing its security policies, and can even bypass antivirus and firewalls, giving attackers access to a Meterpreter session. These publicly available tools add to the vulnerability of an app, to the point where even its permissions are compromised. So, while a genuine version of an app legitimately requests 10 permissions from the device, a pirated version might request entirely different permissions, or additional, more critical ones that the app does not need at all but that fraudsters add for their own ends.

mFilterIt helps its clients monitor pirated versions published on several alternate app stores and also identifies the modifications, that is, the permissions added to or deleted from such duplicated versions. Some examples are shown below.

| App | APK Store | Permissions Modified |
|---|---|---|
| Flipkart | APKPURE | READ_CALL_LOG, CHANGE_WIFI_STATE |
| PhonePe | APKMONK, APKDL | ACCESS_WIFI_STATE, DOWNLOAD_WITHOUT_NOTIFICATION, BLUETOOTH, BLUETOOTH_ADMIN, INSTALL_SHORTCUT, UNINSTALL_SHORTCUT |
| Hotstar | APKCAFE | C2D_MESSAGE, NFC, LOCATION_HARDWARE |
| Zomato | APK20 | BLUETOOTH, BLUETOOTH_ADMIN |
| GoDaddy | APKMONK | READ_CONTACTS, C2D_MESSAGE |

In all the above examples, mFilterIt scanned the pirated versions of these popular apps on various APK stores and identified the modified permissions. This helped the clients take the necessary actions and understand the motive behind creating such pirated versions, which ranged from infringing the privacy of legitimate users to using these apps for ad-fraud.
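The permission comparison described above can be sketched as follows. This is an added example, not mFilterIt's own code: it assumes both manifests have already been decoded from the APK's binary XML to text (as a tool such as apktool produces), and the package name, the sample manifests and the `SENSITIVE` list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"

# Permissions treated as high-risk in this illustration (an assumption; tune per app).
SENSITIVE = {"android.permission.READ_CALL_LOG", "android.permission.READ_CONTACTS",
             "android.permission.READ_SMS", "android.permission.BLUETOOTH_ADMIN"}

def declared_permissions(manifest_xml):
    """Return the set of permission names requested by a decoded AndroidManifest.xml."""
    # The candidate manifest is untrusted input: refuse DTDs to avoid entity tricks.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("manifest contains a DTD; refusing to parse")
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(NAME_ATTR)
            if name:
                perms.add(name.strip())
    return perms

def diff_permissions(genuine_xml, candidate_xml):
    """Compare a store-sourced candidate against the publisher's genuine manifest."""
    genuine = declared_permissions(genuine_xml)
    candidate = declared_permissions(candidate_xml)
    added = candidate - genuine
    return {"added": sorted(added),
            "removed": sorted(genuine - candidate),
            "added_sensitive": sorted(added & SENSITIVE)}

# Constructed sample manifests (not taken from any real app).
GENUINE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.shop">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

CANDIDATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.shop">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
</manifest>"""

if __name__ == "__main__":
    print(diff_permissions(GENUINE, CANDIDATE))
```

Any non-empty `added` or `removed` list means the candidate's manifest differs from the published build and warrants review; `added_sensitive` prioritises the additions that expose personal data.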

Monitoring of pirated app versions is important for every organisation. However, in sensitive domains like government, security, BFSI, healthcare, etc., its importance becomes paramount. Consumers need assurance and trust that the app they are installing on their devices is the verified version from the organisation or other entity they are engaging with. In fact, there should be a public repository of identified pirated app versions, and consumers must periodically be made aware of such fake apps.